脚本实现功能:批量或单个SSH免交互登录认证
脚本应用场景:部署集群时,大多数情况下需要先配置好管理节点与从节点之间的SSH免交互登录;针对这种情况,写了下面的脚本来简化工作。
脚本支持系统:Ubuntu和CentOS
#!/bin/bash
# Description: configure SSH key-pair authentication from the local host to remote hosts. Supports Ubuntu and CentOS.
# Blog: http://lizhenliang.blog.51cto.com
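#######################################
# Print a message in colour on a black background.
# Arguments: $1 - colour name, "green" or "red"; any other value prints nothing
#            $2 - message text
# Outputs:   the message wrapped in ANSI colour codes, newline-terminated
#######################################
function color_echo() {
  local color=${1-}
  local msg=${2-}
  # The message is passed as a %s argument, so it is printed literally.
  # Callers build it from host and package names taken from the command
  # line; backslash sequences in those values must not be interpreted.
  case "$color" in
    green) printf '\033[32;40m%s\033[0m\n' "$msg" ;;
    red) printf '\033[31;40m%s\033[0m\n' "$msg" ;;
  esac
}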
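#######################################
# Report which supported distribution this host runs, judged from the
# first word of the first line of /etc/issue.
# Outputs:   "CentOS" or "Ubuntu" on stdout; nothing for any other value
#            or when /etc/issue cannot be read
#######################################
function os_version() {
  local first_word=""
  if [[ -r /etc/issue ]]; then
    first_word=$(awk 'NR==1{print $1}' /etc/issue) || first_word=""
  fi
  # A literal "\S" is treated as CentOS by this script.
  # NOTE(review): other distributions may ship the same escape in
  # /etc/issue - confirm before relying on this on mixed fleets.
  case "$first_word" in
    '\S' | CentOS) echo "CentOS" ;;
    Ubuntu) echo "Ubuntu" ;;
  esac
}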
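#######################################
# Inspect the captured ssh-copy-id transcript and confirm that key-based
# login works for the host just processed.
# Globals:   EXP_TMP_FILE (read, then deleted), IP (read), INFO (read)
# Outputs:   a coloured status line on stdout
# Returns:   exits the script with status 1 when the transcript contains
#            "Permission denied"
#######################################
function check_ssh_auth() {
  if grep -q -- "Permission denied" "$EXP_TMP_FILE"; then
    # Delete the transcript before exiting so it is not left behind.
    rm -f -- "$EXP_TMP_FILE"
    color_echo red "Host $IP SSH authentication failure! Login password error."
    exit 1
  fi
  rm -f -- "$EXP_TMP_FILE"

  # BatchMode=yes stops ssh from falling back to an interactive password
  # prompt, so this test passes only if non-interactive login really works.
  if ssh -o BatchMode=yes "$INFO" 'echo yes >/dev/null'; then
    color_echo green "Host $IP SSH authentication successfully."
  else
    # Previously this case printed nothing and the failure went unnoticed.
    color_echo red "Host $IP SSH key authentication could not be verified."
  fi
}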
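#######################################
# Report whether a package is installed.
# Arguments: $1 - package name
# Outputs:   "yes" or "no" on stdout; nothing on an unrecognised OS
#######################################
function check_pkg() {
  local PKG_NAME=${1-}
  local os status
  os=$(os_version)
  case "$os" in
    CentOS)
      if rpm -q "$PKG_NAME" >/dev/null 2>&1; then
        echo yes
      else
        echo no
      fi
      ;;
    Ubuntu)
      # "dpkg -l NAME" also succeeds for packages dpkg merely has a record
      # of (for example removed with configuration files left behind), so
      # the recorded status is checked instead of the exit code.
      status=$(dpkg-query -W -f='${Status}' "$PKG_NAME" 2>/dev/null) || status=""
      if [[ "$status" == *"install ok installed"* ]]; then
        echo yes
      else
        echo no
      fi
      ;;
  esac
}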
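#######################################
# Install a package with the distribution's package manager if it is not
# already present, retrying once after refreshing package metadata.
# Arguments: $1 - package name
# Outputs:   package-manager output plus coloured status lines
# Returns:   0 when the package is present or the OS is unrecognised;
#            exits the script with status 1 if both attempts fail
#######################################
function install_pkg() {
  local PKG_NAME=${1-}
  local os
  os=$(os_version)

  # Nothing to do when the package is present (or the OS is unknown, in
  # which case check_pkg prints nothing).
  [[ "$(check_pkg "$PKG_NAME")" == "no" ]] || return 0

  case "$os" in
    CentOS)
      yum install "$PKG_NAME" -y
      if [[ "$(check_pkg "$PKG_NAME")" == "no" ]]; then
        color_echo green "The $PKG_NAME installation failure! Try to install again."
        yum makecache
        yum install "$PKG_NAME" -y
      fi
      ;;
    Ubuntu)
      apt-get install "$PKG_NAME" -y
      if [[ "$(check_pkg "$PKG_NAME")" == "no" ]]; then
        color_echo green "$PKG_NAME installation failure! Try to install again."
        # The retry refreshes the package index only. The earlier
        # "apt-get autoremove" is dropped: it has no -y (so it can block on
        # a prompt) and removes unrelated packages as a side effect.
        apt-get update
        # --force-yes is not used: apt-get documents it as deprecated and
        # dangerous because it continues without prompting even when apt
        # would otherwise stop, e.g. for packages that fail authentication.
        apt-get install "$PKG_NAME" -y
      fi
      ;;
    *)
      return 0
      ;;
  esac

  if [[ "$(check_pkg "$PKG_NAME")" == "no" ]]; then
    color_echo red "The $PKG_NAME installation failure!"
    exit 1
  fi
  return 0
}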
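#######################################
# Create ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub if the public key is missing.
# Outputs:   coloured status lines on stdout
# Returns:   0 when the public key exists afterwards; exits the script
#            with status 1 otherwise
#######################################
function generate_keypair() {
  local key_file
  key_file=~/.ssh/id_rsa

  if [[ -e "${key_file}.pub" ]]; then
    return 0
  fi

  color_echo green "The public/private rsa key pair not exist, start Generating..."
  # ssh-keygen is run non-interactively instead of being driven through
  # expect. Type and path are explicit because recent OpenSSH releases no
  # longer default to RSA, which made the id_rsa check below fail.
  # stdin is /dev/null so an existing private key is never overwritten by
  # an answered prompt.
  # -N '' creates the private key WITHOUT a passphrase, as the original
  # flow did: anyone who can read the file can log in to every host the
  # key is copied to, so keep ~/.ssh restricted to its owner.
  ssh-keygen -q -t rsa -b 4096 -N '' -f "$key_file" </dev/null >/dev/null 2>&1

  if [[ -e "${key_file}.pub" ]]; then
    color_echo green "Generating public/private rsa key pair successfully."
  else
    color_echo red "Generating public/private rsa key pair failure!"
    exit 1
  fi
}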
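# Entry point: parse user@ip@password (or user@a.b.c.START-END@password)
# arguments and copy the local public key to each host.
#
# Operator notes:
#  - Passwords are given on this script's command line, so they are visible
#    in the process list and are likely to land in shell history. Run it
#    from a trusted admin host and rotate the passwords afterwards.
#  - Unknown host keys are accepted automatically on first contact; the
#    identity of the remote host is not verified by this script.

# The transcript lives in a private directory created by mktemp rather than
# at a fixed, predictable path in /tmp that another local user could
# pre-create or symlink.
SCRATCH_DIR=$(mktemp -d) || {
  echo "Cannot create temporary directory" >&2
  exit 1
}
trap 'rm -rf -- "${SCRATCH_DIR:?}"' EXIT
EXP_TMP_FILE=$SCRATCH_DIR/expect_ssh.tmp

SINGLE_RE='^[a-z]+@[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}@'
RANGE_RE='^[a-z]+@[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}-[0-9]{1,3}@'

#######################################
# Run ssh-copy-id against one host and check the result.
# Globals:   IP, INFO (written, read by check_ssh_auth), EXP_TMP_FILE (read)
# Arguments: $1 - remote user, $2 - IP address, $3 - login password
#######################################
function copy_key_to_host() {
  local remote_user=$1 remote_ip=$2 remote_pass=$3
  IP=$remote_ip
  INFO=$remote_user@$remote_ip

  # Target and password reach expect through the environment and are read
  # with $env(...). Interpolating them into the -c script text exposed the
  # password in expect's argv and let characters such as ", $ or [ in it
  # change the Tcl script.
  # The prompt pattern is "(yes/no" so that it also matches the
  # "(yes/no/[fingerprint])?" wording of newer OpenSSH releases.
  SSH_COPY_TARGET=$INFO SSH_COPY_PASS=$remote_pass expect -c '
    spawn ssh-copy-id $env(SSH_COPY_TARGET)
    expect {
      "(yes/no" {send "yes\r"; exp_continue}
      "password:" {send -- "$env(SSH_COPY_PASS)\r"; exp_continue}
    }
  ' > "$EXP_TMP_FILE"

  # A failed login leaves "Permission denied" in the transcript.
  check_ssh_auth
}

if [[ ${1-} =~ $SINGLE_RE ]]; then
  install_pkg expect
  generate_keypair
  for target in "$@"; do
    # Every argument is validated, not only the first one. The argument is
    # not echoed back because it contains a password.
    if [[ ! $target =~ $SINGLE_RE ]]; then
      echo "Skipping malformed argument (expected user@ip@password)." >&2
      continue
    fi
    # Split on the first two '@' only, so a password containing '@' is
    # kept whole (cut -d@ -f3 truncated it).
    remote_user=${target%%@*}
    rest=${target#*@}
    copy_key_to_host "$remote_user" "${rest%%@*}" "${rest#*@}"
  done
elif [[ ${1-} =~ $RANGE_RE ]]; then
  install_pkg expect
  generate_keypair
  remote_user=${1%%@*}
  rest=${1#*@}
  host_part=${rest%%@*} # a.b.c.START-END
  password=${rest#*@}
  # The range is parsed from the host part alone; the earlier greedy sed
  # patterns ran over the whole argument and could pick up '.', '-' or '@'
  # from the password.
  ip_prefix=${host_part%.*}.
  last_octets=${host_part##*.} # START-END
  # 10# forces base 10 so values with a leading zero are not read as octal.
  start_num=$((10#${last_octets%-*}))
  end_num=$((10#${last_octets#*-}))
  for ((i = start_num; i <= end_num; i++)); do
    copy_key_to_host "$remote_user" "$ip_prefix$i" "$password"
  done
else
  echo "Example1: $0 <root@192.168.1.10-15@password>"
  echo "Example2: $0 <root@192.168.1.10@password>"
  echo "Example3: $0 [root@192.168.1.10@password root@192.168.1.11@password root@192.168.1.12@password ...]"
fi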
本文转自 李振良OK 51CTO博客,原文链接:http://blog.51cto.com/lizhenliang/1736179,如需转载请自行联系原作者